The VMware XPDM and WDDM display drivers contain buffer overflow vulnerabilities and the XPDM display driver does not properly check for NULL pointers. Exploitation of these issues may lead to local privilege escalation on Windows-based Guest Operating Systems.

VMware would like to thank Tarjei Mandt for reporting these issues to us.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

| VMware Product * | Product Version | Running On | Replace with/Apply Patch ** |
|---|---|---|---|
| vCenter | any | Windows | not affected |
| Workstation | 8.x | any | not affected |
| Player | 4.x | any | not affected |
| Fusion | 4.x | OS/X | not affected |
| ESXi | 5.0 | ESXi | ESXi500-201112402-BG |
| ESXi | 4.1 | ESXi | ESXi410-201110202-UG |
| ESXi | 4.0 | ESXi | ESXi400-201110402-BG |
| ESXi | 3.5 | ESXi | not affected |
| ESX | 4.1 | ESX | ESX410-201110201-SG |
| ESX | 4.0 | ESX | ESX400-201110401-SG |
| ESX | 3.5 | ESX | not affected |

* Remediation for VMware View is described in VMSA-2012-0004.

** Notes on updating VMware Guest Tools:

After the update or patch is applied, VMware Guest Tools must be updated in any pre-existing Windows-based Guest Operating System. The XPDM and WDDM drivers are part of Tools.

Windows-Based Virtual Machines that have moved to Workstation 8 or Player 4 from a lower version of Workstation or Player are affected unless:

– They were moved from Workstation 7.1.5 or Player 3.1.5,

AND

– The Tools version was updated before the move.

Windows-Based Virtual Machines that have moved to Fusion 4 from a lower version of Fusion are affected.

b. vSphere Client internal browser input validation vulnerability

The vSphere Client has an internal browser that renders HTML pages from log file entries. This browser doesn’t properly sanitize input and may run script that is introduced into the log files. In order for the script to run, the user would need to open an individual, malicious log file entry. The script would run with the permissions of the user that runs the vSphere Client.

VMware would like to thank Edward Torkington for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-1512 to this issue.

In order to remediate the issue, the vSphere Client of the vSphere 5.0 Update 1 release or the vSphere 4.1 Update 2 release needs to be installed. The vSphere Clients that come with vSphere 4.0 and vCenter Server 2.5 are not affected.
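The class of flaw described in this section, shown as an added illustration that is not VMware code and not part of the original advisory: a viewer that inserts log text into HTML unescaped, the output-encoded form, and a triage check for log entries carrying active markup. The log line format, the function names and the sample entries are assumptions constructed for the example.

```python
import html
import re

# Constructed sample log entries (not taken from a real vSphere log).
SAMPLE_ENTRIES = [
    "2012-03-15T10:02:11Z info  User admin logged in from 10.0.0.5",
    "2012-03-15T10:02:40Z error Task failed: <script>document.title='x'</script>",
    "2012-03-15T10:03:02Z warn  Datastore usage > 90% on <datastore1>",
    '2012-03-15T10:03:30Z info  Name set to <img src=x onerror="void(0)">',
]

# Markup that becomes active if a viewer inserts the entry into a page unescaped.
ACTIVE_MARKUP = re.compile(
    r"<\s*(script|iframe|object|embed)\b"  # elements that load or run code
    r"|<[^>]*\son\w+\s*="                  # inline event handlers (onerror=, onload=)
    r"|javascript\s*:",                    # script URLs
    re.IGNORECASE,
)


def render_unsafe(entry: str) -> str:
    """The flawed pattern: log text is concatenated into HTML as-is."""
    return "<div class='entry'>" + entry + "</div>"


def render_safe(entry: str) -> str:
    """Output-encode the entry so the viewer shows it as text, never as markup."""
    return "<div class='entry'>" + html.escape(entry, quote=True) + "</div>"


def flag_active_markup(entries):
    """Return (index, entry) pairs to review before opening them in a log viewer."""
    return [(i, e) for i, e in enumerate(entries) if ACTIVE_MARKUP.search(e)]


if __name__ == "__main__":
    for i, e in flag_active_markup(SAMPLE_ENTRIES):
        print(f"entry {i} contains active markup: {e!r}")
    print(render_safe(SAMPLE_ENTRIES[1]))
```

Entry 2 in the sample contains angle brackets but no active markup, so it is not flagged; output encoding handles it the same way as the flagged entries.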

c. vCenter Orchestrator Password Disclosure

The vCenter Orchestrator (vCO) Web Configuration tool reflects back the vCenter Server password as part of the webpage. This might allow the logged-in vCO administrator to retrieve the vCenter Server password.

VMware would like to thank Alexey Sintsov from Digital Security Research Group for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-1513 to this issue.

| VMware Product | Product Version | Running On | Replace with/Apply Patch |
|---|---|---|---|
| vCO | 4.2 | Windows | Update 1 |
| vCO | 4.1 | Windows | Update 2 |
| vCO | 4.0 | Windows | Update 4 |

d. vShield Manager Cross-Site Request Forgery vulnerability

The vShield Manager (vSM) interface has a Cross-Site Request Forgery vulnerability. If an attacker can convince an authenticated user to visit a malicious link, the attacker may force the victim to forward an authenticated request to the server.

VMware would like to thank Frans Pehrson of Xxor AB (www.xxor.se) and Claudio Criscione for independently reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-1514 to this issue.

| VMware Product | Product Version | Running On | Replace with/Apply Patch |
|---|---|---|---|
| vSM | 5.0 | Linux | not affected |
| vSM | 4.1 | Linux | vSM 4.1.0 Update 1 |
| vSM | 4.0 | Linux | vSM 1.0.1 Update 2 |

e. vCenter Update Manager, Oracle (Sun) JRE update 1.6.0_30

Oracle (Sun) JRE is updated to version 1.6.0_30, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE.

Oracle has documented the CVE identifiers that are addressed in JRE 1.6.0_29 and JRE 1.6.0_30 in the Oracle Java SE Critical Patch Update Advisory of October 2011. The References section provides a link to this advisory.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

| VMware Product | Product Version | Running On | Replace with/Apply Patch |
|---|---|---|---|
| vCenter | 5.0 | Windows | patch pending |
| vCenter | 4.1 | Windows | patch pending |
| vCenter | 4.0 | Windows | not applicable ** |
| VirtualCenter | 2.5 | Windows | not applicable ** |
| Update Manager | 5.0 | Windows | Update Manager 5.0 Update 1 |
| Update Manager | 4.1 | Windows | Not Applicable ** |
| Update Manager | 4.0 | Windows | Not Applicable ** |
| Hosted * | any | any | not affected |
| ESXi | any | ESXi | not applicable |
| ESX | 4.1 | ESX | patch pending |
| ESX | 4.0 | ESX | not affected |
| ESX | 3.5 | ESX | not affected |

* hosted products are VMware Workstation, Player, ACE, Fusion.

** this product uses the Oracle (Sun) JRE 1.5.0 family

f. vCenter Server Apache Tomcat update 6.0.35

Apache Tomcat has been updated to version 6.0.35 to address multiple security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-3190, CVE-2011-3375, and CVE-2012-0022 to these issues.

| VMware Product | Product Version | Running On | Replace with/Apply Patch |
|---|---|---|---|
| vCenter | 5.0 | Windows | vCenter 5.0 Update 1 |
| vCenter | 4.1 | Windows | patch pending |
| vCenter | 4.0 | Windows | patch pending |
| VirtualCenter | 2.5 | Windows | not applicable ** |
| Hosted * | any | any | not affected |
| ESXi | any | ESXi | not applicable |
| ESX | 4.1 | ESX | patch pending |
| ESX | 4.0 | ESX | patch pending |
| ESX | 3.5 | ESX | not applicable |

* hosted products are VMware Workstation, Player, ACE, Fusion.

** this product uses the Apache Tomcat 5.5 family

g. ESXi update to third party component bzip2

The bzip2 library is updated to version 1.0.6, which resolves a security issue.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0405 to this issue.

| VMware Product | Product Version | Running On | Replace with/Apply Patch |
|---|---|---|---|
| vCenter | any | Windows | not affected |
| Hosted * | any | any | not affected |
| ESXi | 5.0 | ESXi | ESXi500-201203101-SG |
| ESXi | 4.1 | ESXi | not affected |
| ESXi | 4.0 | ESXi | not affected |
| ESXi | 3.5 | ESXi | not affected |
| ESX | any | ESX | not applicable |

* hosted products are VMware Workstation, Player, ACE, Fusion.

4. Solution

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.